WCF on .NET Core missing client Negotiate scheme in authorization scheme
将WCF服务和ASP.NET Core网站移至服务器后,出现以下错误:
1 | The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate, NTLM'. |
我仅使用以下web.config在WCF服务上启用了Windows身份验证:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | <system.serviceModel> <client /> <behaviors> <serviceBehaviors> <behavior name="authBehavior"> <serviceAuthorization principalPermissionMode="UseWindowsGroups"> </authorizationPolicies> </serviceAuthorization> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCF.IdentityValidator, WCF" /> <serviceCertificate findValue="16E86CCAFFE6211DAE6E841B984F71FB7609D349" storeLocation="LocalMachine" x509FindType="FindBySerialNumber" storeName="My" /> </serviceCredentials> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <basicHttpsBinding> <binding name="basicHttpsEndpointBinding" maxReceivedMessageSize="1073741824" maxBufferSize="1073741824" maxBufferPoolSize="1073741824"> <readerQuotas maxDepth="32" maxArrayLength="1073741824" maxStringContentLength="1073741824" /> <security mode="Transport"> <transport clientCredentialType="Ntlm" /> </security> </binding> </basicHttpsBinding> </bindings> <services> <service name="WCF.MyService" behaviorConfiguration="authBehavior"> <endpoint address="" binding="basicHttpsBinding" bindingConfiguration="basicHttpsEndpointBinding" contract="WCF.IMyService"> <identity> <dns value="example.com" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> |
ASP.NET Core客户端:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | BasicHttpsBinding binding = new BasicHttpsBinding { MaxBufferPoolSize = 1073741824, MaxBufferSize = 1073741824, MaxReceivedMessageSize = 1073741824 }; binding.ReaderQuotas.MaxDepth = 32; binding.ReaderQuotas.MaxArrayLength = 1073741824; binding.ReaderQuotas.MaxStringContentLength = 1073741824; binding.Security.Mode = BasicHttpsSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; MyServiceClient client = new MyServiceClient(binding, new EndpointAddress(new Uri("https://example.com/MyService.svc"), new DnsEndpointIdentity("mydomain.com"))); client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; client.ClientCredentials.Windows.ClientCredential.Domain = Configuration.GetSection("WCF")["MyServiceDomain"]; client.ClientCredentials.Windows.ClientCredential.UserName = Configuration.GetSection("WCF")["MyServiceUserName"]; client.ClientCredentials.Windows.ClientCredential.Password = Configuration.GetSection("WCF")["MyServicePassword"]; // client call |
我没什么主意了。如果我将Ntlm的config / code更改为Windows,则客户端身份验证方案"协商"会出错。我可以以某种方式同时使用这两者,还是必须以某种方式从IIS中删除Negotiate / Ntlm?
感谢任何想法!
解决方案!
文章https://blogs.msdn.microsoft.com/distributedservices/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as中的方法1 -客户端引发身份验证错误/
需要重新启动服务器!
我发现这篇文章为我的问题提供了解决方案
文章:https://blogs.msdn.microsoft.com/distributedservices/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as-client -throws-authentication-error /
使用方法1.需要重新启动服务器!
在注册表中,我像
一样使用了CNAME
1 2 3 4 5 6 | mySubdomain mySubdomain.myDomain.com localhost 192.168.0.xxx 192.168.0.1 (default gateway) xx.xx.xx.xx (my ip address) |